This didn't work and I always got:
[root@salt]# /usr/bin/foreman-node raul-gries.stage.atix
Couldn't retrieve ENC data: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Then, I had a look at the code in smart_proxy_salt to find out, for which the certificates are used. In the documentation it is specified, to configure that similar to puppet. Therefore I had a look at the node.rb in /etc/puppetlabs/puppet. node.rb is using foreman.yaml from /etc/puppetlabs/puppet and for this, there are "similar" ssl certificate configurations.
Therefore, I changed the /etc/salt/foreman.yaml to look similar to /etc/puppetlabs/puppet/foreman.yaml:
That sounds like you were using Puppet 3 paths with a Puppet 4
installation. The documentation should at least mention this, but likely
default to the Puppet 4 paths and warn about Puppet 3 paths.
···
On Mon, May 08, 2017 at 01:52:35PM +0200, Bernhard Suttner wrote:
> Hi,
>
> I tried to configure salt in forman using:
>
> https://www.theforeman.org/plugins/foreman_salt/7.0/index.html
>
> In this documentation, it is specified, that in /etc/salt/foreman.yaml you need to specify:
>
> :ssl_ca: /var/lib/puppet/ssl/certs/ca.pem
> :ssl_key: /var/lib/puppet/ssl/private_keys/foreman.example.com.pem
> :ssl_cert: /var/lib/puppet/ssl/certs/foreman.example.com.pem
>
> This didn't work and I always got:
> [root@salt]# /usr/bin/foreman-node raul-gries.stage.atix
> Couldn't retrieve ENC data: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>
> Then, I had a look at the code in smart_proxy_salt to find out, for which the certificates are used. In the documentation it is specified, to configure that similar to puppet. Therefore I had a look at the node.rb in /etc/puppetlabs/puppet. node.rb is using foreman.yaml from /etc/puppetlabs/puppet and for this, there are "similar" ssl certificate configurations.
>
> Therefore, I changed the /etc/salt/foreman.yaml to look similar to /etc/puppetlabs/puppet/foreman.yaml:
>
> :ssl_ca: "/etc/puppetlabs/puppet/ssl/ssl_ca.pem"
> :ssl_cert: "/etc/puppetlabs/puppet/ssl/client_cert.pem"
> :ssl_key: "/etc/puppetlabs/puppet/ssl/client_key.pem"
>
> And finally. Its working. Maybe I did something completely wrong. Or there is a nice documentation mistake.
This didn’t work and I always got:
[root@salt]# /usr/bin/foreman-node raul-gries.stage.atix
Couldn’t retrieve ENC data: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Then, I had a look at the code in smart_proxy_salt to find out, for which the certificates are used. In the documentation it is specified, to configure that similar to puppet. Therefore I had a look at the node.rb in /etc/puppetlabs/puppet. node.rb is using foreman.yaml from /etc/puppetlabs/puppet and for this, there are “similar” ssl certificate configurations.
Therefore, I changed the /etc/salt/foreman.yaml to look similar to /etc/puppetlabs/puppet/foreman.yaml:
And finally. Its working. Maybe I did something completely wrong. Or there is a nice documentation mistake.
That sounds like you were using Puppet 3 paths with a Puppet 4
installation. The documentation should at least mention this, but likely
default to the Puppet 4 paths and warn about Puppet 3 paths.